Ultimate Server Lucid Customization

These instructions ought to be followed for every installation method of the Ultimate Server Lucid, except when installing using the step-by-step walkthrough. When completed, a reasonably secure installation will have been achieved. The steps are meant to be done in order, because some later steps are dependent on earlier steps. These steps should take about 30 minutes to perform.

Enable BIOS power-up

Change the computer's BIOS settings so that after a power failure the computer will automatically powerup and restart to the default OS. (This is important for servers.) At bootup, enter the BIOS menu using whichevever key is appropriate for your computer's BIOS:

Set networking parameters

Set the static IP address for your server. If your computer already has a static LAN IP address assigned on your network, use it. Otherwise choose a static LAN IP address that (preferably) is not part of the DHCP address range used by your router (or DHCP server). (Use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu.)

Note: These are examples only. You must obtain your own account and password to use with the system. While several Dynamic DNS services are available and can be used, the walkthrough instructions refer to DynDNS.com. Decide on a naming scheme for your set of servers. The installation walkthrough uses mylucid00.dyndns.org, mylucidbbb00.dyndns.org, mylucidmoodle00.dyndns.org, mylucidwiki00.dyndns.org, mylucidcalendar00.dyndns.org, and mylucidweb00.dyndns.org, but (obviously) these cannot be used for your system and you must choose a new naming scheme.

DynDNS.com allows the creation five free domain name URLs, so choose your naming scheme carefully and then create/activate the 5 URLs for your system at DynDNS.com. For example:

Clearly you must use your own login ID and password (created during signup at DynDNS.com), and replace the server URL names with the ones that match your naming scheme (and which you activated at DynDNS.com).

Change important passwords

System:

ID: lucidadmin00 Password: lucidword00

How to change (mandatory):

sudo passwd lucidadmin00

System guest:

ID: mylucid00guest Password: mylucidguestpassword

How to change (mandatory):

sudo passwd mylucid00guest

MySQL

ID: root Password: lucidsql00

How to change (recommended):

mysqladmin -u root --password=lucidsql00 password newrootsqlpw

If you have lost the MySQL root user password entirely, then see this solution.

Customize BigBlueButton

Customize BigBlueButton:

If your chosen URL for the BigBlueButton is clarkkentbbb.dyndns.org, for example, then

Change the password for each wiki individually by logging in separately (http://clarkkent.dyndns.org/public and http://clarkkent.dyndns.org/private). The ID and password are initially the same for both wikis (but this obviously can be changed).

Login to each website individually (http://clarkkent.dyndns.org and http://clarkkentweb.dyndns.org) and adjust the admin user password and the Theme settings. (Until you adjust the Theme settings, the graphics will not display properly).

(Use clarkkentweb.dyndns.org when customizing the other website, obviously.)

update the websites:

http://clarkkent.dyndns.org/update.php

http://clarkkentweb.dyndns.org/update.php

Note: DynDNS only allows 5 free URLs. If you have activated clarkkentcalendar.dyndns.org as the 5th URL, you will not be able to connect through the web to clarkkentweb.dyndns.org. However, it is possible to deactivate a URL on DynDNS, create/activate a new URL, go through the customization steps using the activated URL, then deactivate that URL (if is no longer desired) and reactivate the (previously deactivated) desired one(s).

Adjust SSH for remote connections

Adjust SSH for remote connections

The usual default SSH port is 22, but in the Ultimate Server this has been changed to port 22199. You can change it again, if you choose. Make sure your router forwards traffic for the chosen port to your computer's LAN IP address (as set above). (Use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu.)

sudo kate /etc/ssh/sshd_config

change the listening port:

Port 22199

then restart the OpenSSH server:

sudo /etc/init.d/ssh restart

Make sure the router forwards the selected listening port (e.g. 22199) to the IP address (e.g. 192.168.0.99) of the server.

Remove the insecure SSH files distributed with the system and generate new ones:

Make sure that a file named authorized_keys (with write privileges) is in the /home/myownuserID/.ssh folder. If not, create such a file (using the "touch" command to create an empty file) after logging into the server as myownuserID:

cd ~/.ssh
touch authorized_keys

Alternatively, you can copy the original authorized_keys file from the /etc/lucidadmin00/.ssh folder (as long as it has been revised and is not the original insecure authorized_keys file distributed with the system). This is useful if you wish to keep both the lucidadmin00 and myownuserID users.

Change hostname (optional)

I don't recommend changing the hostname, but it can be changed by editing the /etc/hostname file and the /etc/hosts file (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu)

sudo kate /etc/hostname
sudo kate /etc/hosts

It is not necessary for security reasons to change your hostname, and it is not recommended especially if you have already been using the system for a while (as the hostname can be used in several configuration files other than the two noted).